Dunedin has been struck by a number of ransomware attacks recently, keeping our techs very busy. CryptoLocker, CryptoWall and CryptoDefense have all been successfully deployed in Dunedin networks, causing grief for all involved.

Ransomware is a type of malware that encrypts files on a system's hard drive using an unbreakable key; the attacker decrypts the files once a ransom is paid. But there are simple ways to avoid the after-effects of ransomware.

1. DON'T OPEN THAT ATTACHMENT
Most ransomware is delivered via email, usually opportunistically, and a typical theme is a shipping notice from a delivery company. These emails also look much more legitimate than they used to, so the attachments can be more tempting to open. However, ransomware is also delivered via download attacks on compromised websites, and this style of infection is much harder to avoid.

2. BACK IT UP
The most reliable way to recover from a ransomware attack depends largely on whether you have a good backup policy for your data. For your backups to be considered "good", there must be multiple (more than three) separate full backups, going back in time. If, for example, you back up to two external hard drives, where the drives are swapped out once per day, this number should be increased to at least four or five disks rotated in order.

Because some ransomware will try to encrypt data on connected network shares and removable drives, it is likely that the most recent backup is also infected, leaving you with only one not-yet-connected drive with all of your data. It is very dangerous to rely on this one disk, as it may have become corrupt itself (as data does from time to time), or you may not realise you have been infected until you have swapped the backup drives, causing your final backup drive to also be encrypted. This leaves you with no option but to pay the ransom.

In addition to making sure you have multiple backups, you must also ensure that the backups retain their quality, as data can become corrupt over time. To ensure your backups are good quality, each backup drive should be checked at least monthly.
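One way to carry out the monthly backup check described in section 2, as an added example that is not part of the original article: record a SHA-256 hash of every file when the backup is written, then compare the drive against that record later. The function names and the 50% alarm threshold are assumptions made for this sketch, and the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large backup files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(backup_root):
    """Record a SHA-256 for every file, keyed by path relative to the backup root."""
    root = Path(backup_root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backup(backup_root, manifest, alarm_ratio=0.5):
    """Compare a backup drive with the manifest taken when the backup was written.

    alarm_ratio is an assumed threshold: if this share of files is missing or
    altered, treat the drive as possibly encrypted rather than merely degraded.
    """
    current = build_manifest(backup_root)
    missing = sorted(set(manifest) - set(current))
    changed = sorted(n for n in manifest if n in current and current[n] != manifest[n])
    unexpected = sorted(set(current) - set(manifest))
    damaged = len(missing) + len(changed)
    return {"missing": missing, "changed": changed, "unexpected": unexpected,
            "suspect_mass_change": bool(manifest) and damaged / len(manifest) >= alarm_ratio}


def demo():
    """Constructed sample data: a three-file 'backup' with one file corrupted afterwards."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("accounts.xlsx", "letters/quote.docx", "photos/site.jpg"):
            (root / name).parent.mkdir(parents=True, exist_ok=True)
            (root / name).write_bytes(name.encode() * 100)
        manifest = build_manifest(root)              # taken right after the backup ran
        (root / "accounts.xlsx").write_bytes(b"\x00" * 64)  # simulate silent corruption
        return verify_backup(root, manifest)


if __name__ == "__main__":
    print(demo())
```

Keep the manifest somewhere other than the backup drive itself, so that anything that damages the drive cannot also alter the record it is checked against.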

3. ANTIVIRUS
If you don't already have it, get it. If it's connected to the internet, it MUST have antivirus, no exceptions. The antivirus must also be up to date, so make sure you keep up with your renewals.

4. MAIL FILTER
If you don't have a mail filter, now is the time to get one. MailMarshal, SMX, Office365: they all do a great job, and while they won't catch everything, they will significantly reduce the number of suspicious attachments getting onto your site.

5. FIREWALL
If you don't already have a firewall, get one. The Fortinet Firewall is a cost-effective and efficient firewall that can further restrict unauthorised external access. This is especially important if you have remote access into your site.

7. TURN IT OFF!
If you think you have opened a suspicious attachment by mistake, turn off your computer and call Decision1. This can restrict the attack because the ransomware hopefully won't get the chance to establish a connection with its control server to complete the encryption routine.

8. BUT WAIT, THERE'S MORE...
For more info on how to keep yourself safe, these sites have comprehensive lists of tasks that can help reduce your risk.

Author

As a Director of Decision1 for 15 years, Victoria Murgatroyd-McNoe has seen good and bad IT decisions that can drive the success or failure of a business. Here she shares her experiences so we can learn from them.